Pentesting Tools
RedactedWorld ships with a curated set of open-source security tools. Each tool runs in an isolated Kubernetes Job container with its own resource limits and network policy.
MVP Tool Catalog
The initial release includes four tools covering network, web, TLS, and DNS reconnaissance.
Network Scanner -- nmap
Nmap is the industry-standard network discovery and port scanning utility.
| Property | Value |
|---|---|
| Tool | nmap 7.94+ |
| Container Image | registry.gitlab.redactedworld.com/tools/nmap:latest |
| Default Scan Profile | TCP SYN scan (-sS) on top 1000 ports |
| Output Format | XML (-oX) parsed into structured JSON |
Capabilities:
- TCP and UDP port scanning
- Service version detection (-sV)
- OS fingerprinting (-O)
- Script scanning with NSE scripts (--script)
Scan profiles available to users:
- Quick Scan -- Top 100 ports, SYN scan
- Standard Scan -- Top 1000 ports, SYN scan + version detection
- Full Scan -- All 65535 ports, SYN scan + version detection + OS detection
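The table above says nmap's XML output (-oX) is parsed into structured JSON. The sketch below is an added example of that step, not the platform's own parser: the JSON field names are assumptions, and the XML is a constructed sample trimmed to the elements the parser reads.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample in the shape nmap writes with -oX.
# 192.0.2.10 is a documentation-range address, not a real target.
SAMPLE_XML = b"""<nmaprun scanner="nmap" version="7.94">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="app.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="9.6"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/></port>
    </ports>
  </host>
</nmaprun>"""

def parse_nmap_xml(xml_bytes):
    """Return one dict per host; each port keeps its state so filtered is not read as closed."""
    hosts = []
    for host in ET.fromstring(xml_bytes).iter("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        status = host.find("status")
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")  # absent when no service was identified
            svc = svc.attrib if svc is not None else {}
            ports.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": svc.get("name"),
                "product": svc.get("product"),  # only present with -sV
                "version": svc.get("version"),  # banner-derived: treat as untrusted text
            })
        hosts.append({
            "address": addrs.get("ipv4") or addrs.get("ipv6"),
            "hostnames": [h.get("name") for h in host.findall("hostnames/hostname")],
            "status": status.get("state") if status is not None else "unknown",
            "ports": ports,
        })
    return hosts

if __name__ == "__main__":
    print(json.dumps(parse_nmap_xml(SAMPLE_XML), indent=2))
```

Product and version strings originate from the scanned host's responses, so anything that renders the resulting JSON should escape them like any other untrusted input.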
Web Vulnerability Scanner -- OWASP ZAP
OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner maintained by the OWASP Foundation.
| Property | Value |
|---|---|
| Tool | OWASP ZAP 2.14+ |
| Container Image | registry.gitlab.redactedworld.com/tools/zap:latest |
| Default Scan Profile | Baseline scan (passive + active spider) |
| Output Format | JSON report |
Capabilities:
- Passive vulnerability scanning (observes traffic patterns)
- Active scanning (sends crafted requests to detect vulnerabilities)
- Spider/crawl for URL discovery
- AJAX spider for JavaScript-heavy applications
- OWASP Top 10 coverage
Scan profiles available to users:
- Baseline Scan -- Passive scanning only, low risk
- Standard Scan -- Passive + active scanning
- Full Scan -- Spider + passive + active scanning with extended timeout
SSL/TLS Analyzer -- sslyze
SSLyze is a fast TLS/SSL scanner that analyzes the configuration of a server.
| Property | Value |
|---|---|
| Tool | sslyze 6.0+ |
| Container Image | registry.gitlab.redactedworld.com/tools/sslyze:latest |
| Default Scan Profile | Full TLS analysis |
| Output Format | JSON |
Capabilities:
- Certificate chain validation
- Cipher suite enumeration
- Protocol support detection (SSLv2, SSLv3, TLS 1.0-1.3)
- Vulnerability checks (Heartbleed, ROBOT, CCS Injection)
- HSTS and HPKP header analysis
- OCSP stapling verification
DNS Reconnaissance -- subfinder + dig
Subfinder discovers subdomains using passive sources, and dig performs authoritative DNS lookups.
| Property | Value |
|---|---|
| Tool | subfinder 2.6+ and dig (bind-utils) |
| Container Image | registry.gitlab.redactedworld.com/tools/dns-recon:latest |
| Default Scan Profile | Passive subdomain enumeration + DNS record resolution |
| Output Format | JSON |
Capabilities:
- Passive subdomain enumeration from 40+ sources (Certificate Transparency logs, search engines, DNS datasets)
- DNS record resolution (A, AAAA, CNAME, MX, TXT, NS, SOA)
- Subdomain takeover detection
- Zone transfer testing
Request Additional Tools
The tool catalog will expand over time. If you need a specific tool that is not currently available, contact the RedactedWorld team through the Support section of the platform. Tool requests are evaluated for:
- Security and licensing compliance
- Container isolation feasibility
- Output format parseability
- Community adoption and maintenance status